Tag
Detects the creation of Windows theme files in unusual locations, such as Desktop, Documents, Downloads, or Temp directories, which can be indicative of remote code execution or NTLM coercion attacks.